Merge pull request #44234 from thaJeztah/resolvconf_refactor_step1

libnetwork/resolvconf: some cleaning up and optimisations

libnetwork/resolvconf/resolvconf.go

@@ -88,7 +88,7 @@ var (
 // File contains the resolv.conf content and its hash
 type File struct {
 	Content []byte
-	Hash    string
+	Hash    []byte
 }
 
 // Get returns the contents of /etc/resolv.conf and its hash
@@ -102,11 +102,7 @@ func GetSpecific(path string) (*File, error) {
 	if err != nil {
 		return nil, err
 	}
-	hash, err := hashData(bytes.NewReader(resolv))
-	if err != nil {
-		return nil, err
-	}
-	return &File{Content: resolv, Hash: hash}, nil
+	return &File{Content: resolv, Hash: hashData(resolv)}, nil
 }
 
 // FilterResolvDNS cleans up the config in resolvConf.  It has two main jobs:
@@ -132,11 +128,7 @@ func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool) (*File, error) {
 		}
 		cleanedResolvConf = append(cleanedResolvConf, []byte("\n"+strings.Join(dns, "\n"))...)
 	}
-	hash, err := hashData(bytes.NewReader(cleanedResolvConf))
-	if err != nil {
-		return nil, err
-	}
-	return &File{Content: cleanedResolvConf, Hash: hash}, nil
+	return &File{Content: cleanedResolvConf, Hash: hashData(cleanedResolvConf)}, nil
 }
 
 // getLines parses input into lines and strips away comments.
@@ -156,7 +148,7 @@ func getLines(input []byte, commentMarker []byte) [][]byte {
 
 // GetNameservers returns nameservers (if any) listed in /etc/resolv.conf
 func GetNameservers(resolvConf []byte, kind int) []string {
-	nameservers := []string{}
+	var nameservers []string
 	for _, line := range getLines(resolvConf, []byte("#")) {
 		var ns [][]byte
 		if kind == IP {
@@ -177,7 +169,7 @@ func GetNameservers(resolvConf []byte, kind int) []string {
 // /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32")
 // This function's output is intended for net.ParseCIDR
 func GetNameserversAsCIDR(resolvConf []byte) []string {
-	nameservers := []string{}
+	var nameservers []string
 	for _, nameserver := range GetNameservers(resolvConf, IP) {
 		var address string
 		// If IPv6, strip zone if present
@@ -195,7 +187,7 @@ func GetNameserversAsCIDR(resolvConf []byte) []string {
 // If more than one search line is encountered, only the contents of the last
 // one is returned.
 func GetSearchDomains(resolvConf []byte) []string {
-	domains := []string{}
+	var domains []string
 	for _, line := range getLines(resolvConf, []byte("#")) {
 		match := searchRegexp.FindSubmatch(line)
 		if match == nil {
@@ -210,7 +202,7 @@ func GetSearchDomains(resolvConf []byte) []string {
 // If more than one options line is encountered, only the contents of the last
 // one is returned.
 func GetOptions(resolvConf []byte) []string {
-	options := []string{}
+	var options []string
 	for _, line := range getLines(resolvConf, []byte("#")) {
 		match := optionsRegexp.FindSubmatch(line)
 		if match == nil {
@@ -221,10 +213,11 @@ func GetOptions(resolvConf []byte) []string {
 	return options
 }
 
-// Build writes a configuration file to path containing a "nameserver" entry
-// for every element in dns, a "search" entry for every element in
-// dnsSearch, and an "options" entry for every element in dnsOptions.
-func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
+// Build generates and writes a configuration file to path containing a nameserver
+// entry for every element in nameservers, a "search" entry for every element in
+// dnsSearch, and an "options" entry for every element in dnsOptions. It returns
+// a File containing the generated content and its (sha256) hash.
+func Build(path string, nameservers, dnsSearch, dnsOptions []string) (*File, error) {
 	content := bytes.NewBuffer(nil)
 	if len(dnsSearch) > 0 {
 		if searchString := strings.Join(dnsSearch, " "); strings.Trim(searchString, " ") != "." {
@@ -233,7 +226,7 @@ func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
 			}
 		}
 	}
-	for _, dns := range dns {
+	for _, dns := range nameservers {
 		if _, err := content.WriteString("nameserver " + dns + "\n"); err != nil {
 			return nil, err
 		}
@@ -246,10 +239,9 @@ func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
 		}
 	}
 
-	hash, err := hashData(bytes.NewReader(content.Bytes()))
-	if err != nil {
+	if err := os.WriteFile(path, content.Bytes(), 0o644); err != nil {
 		return nil, err
 	}
 
-	return &File{Content: content.Bytes(), Hash: hash}, os.WriteFile(path, content.Bytes(), 0644)
+	return &File{Content: content.Bytes(), Hash: hashData(content.Bytes())}, nil
 }

libnetwork/resolvconf/resolvconf_linux_test.go

@@ -1,303 +0,0 @@
-package resolvconf
-
-import (
-	"bytes"
-	"os"
-	"testing"
-)
-
-func TestGet(t *testing.T) {
-	resolvConfUtils, err := Get()
-	if err != nil {
-		t.Fatal(err)
-	}
-	resolvConfSystem, err := os.ReadFile("/etc/resolv.conf")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if string(resolvConfUtils.Content) != string(resolvConfSystem) {
-		t.Fatalf("/etc/resolv.conf and GetResolvConf have different content.")
-	}
-	hashSystem, err := hashData(bytes.NewReader(resolvConfSystem))
-	if err != nil {
-		t.Fatal(err)
-	}
-	if resolvConfUtils.Hash != hashSystem {
-		t.Fatalf("/etc/resolv.conf and GetResolvConf have different hashes.")
-	}
-}
-
-func TestGetNameservers(t *testing.T) {
-	for resolv, result := range map[string][]string{`
-nameserver 1.2.3.4
-nameserver 40.3.200.10
-search example.com`: {"1.2.3.4", "40.3.200.10"},
-		`search example.com`: {},
-		`nameserver 1.2.3.4
-search example.com
-nameserver 4.30.20.100`: {"1.2.3.4", "4.30.20.100"},
-		``:                        {},
-		`  nameserver 1.2.3.4   `: {"1.2.3.4"},
-		`search example.com
-nameserver 1.2.3.4
-#nameserver 4.3.2.1`: {"1.2.3.4"},
-		`search example.com
-nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4"},
-	} {
-		test := GetNameservers([]byte(resolv), IP)
-		if !strSlicesEqual(test, result) {
-			t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv)
-		}
-	}
-}
-
-func TestGetNameserversAsCIDR(t *testing.T) {
-	for resolv, result := range map[string][]string{`
-nameserver 1.2.3.4
-nameserver 40.3.200.10
-search example.com`: {"1.2.3.4/32", "40.3.200.10/32"},
-		`search example.com`: {},
-		`nameserver 1.2.3.4
-search example.com
-nameserver 4.30.20.100`: {"1.2.3.4/32", "4.30.20.100/32"},
-		``:                        {},
-		`  nameserver 1.2.3.4   `: {"1.2.3.4/32"},
-		`search example.com
-nameserver 1.2.3.4
-#nameserver 4.3.2.1`: {"1.2.3.4/32"},
-		`search example.com
-nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4/32"},
-	} {
-		test := GetNameserversAsCIDR([]byte(resolv))
-		if !strSlicesEqual(test, result) {
-			t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv)
-		}
-	}
-}
-
-func TestGetSearchDomains(t *testing.T) {
-	for resolv, result := range map[string][]string{
-		`search example.com`:                                   {"example.com"},
-		`search example.com # ignored`:                         {"example.com"},
-		`	  search	 example.com	  `:                            {"example.com"},
-		`	  search	 example.com	  # ignored`:                   {"example.com"},
-		`search foo.example.com example.com`:                   {"foo.example.com", "example.com"},
-		`	   search	   foo.example.com	 example.com	`:          {"foo.example.com", "example.com"},
-		`	   search	   foo.example.com	 example.com	# ignored`: {"foo.example.com", "example.com"},
-		``:          {},
-		`# ignored`: {},
-		`nameserver 1.2.3.4
-search foo.example.com example.com`: {"foo.example.com", "example.com"},
-		`nameserver 1.2.3.4
-search dup1.example.com dup2.example.com
-search foo.example.com example.com`: {"foo.example.com", "example.com"},
-		`nameserver 1.2.3.4
-search foo.example.com example.com
-nameserver 4.30.20.100`: {"foo.example.com", "example.com"},
-	} {
-		test := GetSearchDomains([]byte(resolv))
-		if !strSlicesEqual(test, result) {
-			t.Fatalf("Wrong search domain string {%s} should be %v. Input: %s", test, result, resolv)
-		}
-	}
-}
-
-func TestGetOptions(t *testing.T) {
-	for resolv, result := range map[string][]string{
-		`options opt1`:                            {"opt1"},
-		`options opt1 # ignored`:                  {"opt1"},
-		`	  options	 opt1	  `:                     {"opt1"},
-		`	  options	 opt1	  # ignored`:            {"opt1"},
-		`options opt1 opt2 opt3`:                  {"opt1", "opt2", "opt3"},
-		`options opt1 opt2 opt3 # ignored`:        {"opt1", "opt2", "opt3"},
-		`	   options	 opt1	 opt2	 opt3	`:          {"opt1", "opt2", "opt3"},
-		`	   options	 opt1	 opt2	 opt3	# ignored`: {"opt1", "opt2", "opt3"},
-		``:                   {},
-		`# ignored`:          {},
-		`nameserver 1.2.3.4`: {},
-		`nameserver 1.2.3.4
-options opt1 opt2 opt3`: {"opt1", "opt2", "opt3"},
-		`nameserver 1.2.3.4
-options opt1 opt2
-options opt3 opt4`: {"opt3", "opt4"},
-	} {
-		test := GetOptions([]byte(resolv))
-		if !strSlicesEqual(test, result) {
-			t.Fatalf("Wrong options string {%s} should be %v. Input: %s", test, result, resolv)
-		}
-	}
-}
-
-func strSlicesEqual(a, b []string) bool {
-	if len(a) != len(b) {
-		return false
-	}
-
-	for i, v := range a {
-		if v != b[i] {
-			return false
-		}
-	}
-
-	return true
-}
-
-func TestBuild(t *testing.T) {
-	file, err := os.CreateTemp("", "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.Remove(file.Name())
-
-	_, err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"search1"}, []string{"opt1"})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	content, err := os.ReadFile(file.Name())
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if expected := "search search1\nnameserver ns1\nnameserver ns2\nnameserver ns3\noptions opt1\n"; !bytes.Contains(content, []byte(expected)) {
-		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
-	}
-}
-
-func TestBuildWithZeroLengthDomainSearch(t *testing.T) {
-	file, err := os.CreateTemp("", "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.Remove(file.Name())
-
-	_, err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"."}, []string{"opt1"})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	content, err := os.ReadFile(file.Name())
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if expected := "nameserver ns1\nnameserver ns2\nnameserver ns3\noptions opt1\n"; !bytes.Contains(content, []byte(expected)) {
-		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
-	}
-	if notExpected := "search ."; bytes.Contains(content, []byte(notExpected)) {
-		t.Fatalf("Expected to not find '%s' got '%s'", notExpected, content)
-	}
-}
-
-func TestBuildWithNoOptions(t *testing.T) {
-	file, err := os.CreateTemp("", "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.Remove(file.Name())
-
-	_, err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"search1"}, []string{})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	content, err := os.ReadFile(file.Name())
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if expected := "search search1\nnameserver ns1\nnameserver ns2\nnameserver ns3\n"; !bytes.Contains(content, []byte(expected)) {
-		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
-	}
-	if notExpected := "search ."; bytes.Contains(content, []byte(notExpected)) {
-		t.Fatalf("Expected to not find '%s' got '%s'", notExpected, content)
-	}
-}
-
-func TestFilterResolvDns(t *testing.T) {
-	ns0 := "nameserver 10.16.60.14\nnameserver 10.16.60.21\n"
-
-	if result, _ := FilterResolvDNS([]byte(ns0), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed No Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	ns1 := "nameserver 10.16.60.14\nnameserver 10.16.60.21\nnameserver 127.0.0.1\n"
-	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	ns1 = "nameserver 10.16.60.14\nnameserver 127.0.0.1\nnameserver 10.16.60.21\n"
-	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	ns1 = "nameserver 127.0.1.1\nnameserver 10.16.60.14\nnameserver 10.16.60.21\n"
-	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	ns1 = "nameserver ::1\nnameserver 10.16.60.14\nnameserver 127.0.2.1\nnameserver 10.16.60.21\n"
-	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	ns1 = "nameserver 10.16.60.14\nnameserver ::1\nnameserver 10.16.60.21\nnameserver ::1"
-	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	// with IPv6 disabled (false param), the IPv6 nameserver should be removed
-	ns1 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\nnameserver ::1"
-	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed Localhost+IPv6 off: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	// with IPv6 disabled (false param), the IPv6 link-local nameserver with zone ID should be removed
-	ns1 = "nameserver 10.16.60.14\nnameserver FE80::BB1%1\nnameserver FE80::BB1%eth0\nnameserver 10.16.60.21\n"
-	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed Localhost+IPv6 off: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	// with IPv6 enabled, the IPv6 nameserver should be preserved
-	ns0 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\n"
-	ns1 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\nnameserver ::1"
-	if result, _ := FilterResolvDNS([]byte(ns1), true); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed Localhost+IPv6 on: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	// with IPv6 enabled, and no non-localhost servers, Google defaults (both IPv4+IPv6) should be added
-	ns0 = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\nnameserver 2001:4860:4860::8888\nnameserver 2001:4860:4860::8844"
-	ns1 = "nameserver 127.0.0.1\nnameserver ::1\nnameserver 127.0.2.1"
-	if result, _ := FilterResolvDNS([]byte(ns1), true); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed no Localhost+IPv6 enabled: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-
-	// with IPv6 disabled, and no non-localhost servers, Google defaults (only IPv4) should be added
-	ns0 = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4"
-	ns1 = "nameserver 127.0.0.1\nnameserver ::1\nnameserver 127.0.2.1"
-	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
-		if ns0 != string(result.Content) {
-			t.Fatalf("Failed no Localhost+IPv6 enabled: expected \n<%s> got \n<%s>", ns0, string(result.Content))
-		}
-	}
-}

libnetwork/resolvconf/resolvconf_unix_test.go

@@ -0,0 +1,427 @@
+//go:build !windows
+// +build !windows
+
+package resolvconf
+
+import (
+	"bytes"
+	"os"
+	"testing"
+)
+
+func TestGet(t *testing.T) {
+	actual, err := Get()
+	if err != nil {
+		t.Fatal(err)
+	}
+	expected, err := os.ReadFile(Path())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(actual.Content, expected) {
+		t.Errorf("%s and GetResolvConf have different content.", Path())
+	}
+	if !bytes.Equal(actual.Hash, hashData(expected)) {
+		t.Errorf("%s and GetResolvConf have different hashes.", Path())
+	}
+}
+
+func TestGetNameservers(t *testing.T) {
+	for _, tc := range []struct {
+		input  string
+		result []string
+	}{
+		{
+			input: ``,
+		},
+		{
+			input: `search example.com`,
+		},
+		{
+			input:  `  nameserver 1.2.3.4   `,
+			result: []string{"1.2.3.4"},
+		},
+		{
+			input: `
+nameserver 1.2.3.4
+nameserver 40.3.200.10
+search example.com`,
+			result: []string{"1.2.3.4", "40.3.200.10"},
+		},
+		{
+			input: `nameserver 1.2.3.4
+search example.com
+nameserver 4.30.20.100`,
+			result: []string{"1.2.3.4", "4.30.20.100"},
+		},
+		{
+			input: `search example.com
+nameserver 1.2.3.4
+#nameserver 4.3.2.1`,
+			result: []string{"1.2.3.4"},
+		},
+		{
+			input: `search example.com
+nameserver 1.2.3.4 # not 4.3.2.1`,
+			result: []string{"1.2.3.4"},
+		},
+	} {
+		test := GetNameservers([]byte(tc.input), IP)
+		if !strSlicesEqual(test, tc.result) {
+			t.Errorf("Wrong nameserver string {%s} should be %v. Input: %s", test, tc.result, tc.input)
+		}
+	}
+}
+
+func TestGetNameserversAsCIDR(t *testing.T) {
+	for _, tc := range []struct {
+		input  string
+		result []string
+	}{
+		{
+			input: ``,
+		},
+		{
+			input: `search example.com`,
+		},
+		{
+			input:  `  nameserver 1.2.3.4   `,
+			result: []string{"1.2.3.4/32"},
+		},
+		{
+			input: `
+nameserver 1.2.3.4
+nameserver 40.3.200.10
+search example.com`,
+			result: []string{"1.2.3.4/32", "40.3.200.10/32"},
+		},
+		{
+			input: `nameserver 1.2.3.4
+search example.com
+nameserver 4.30.20.100`,
+			result: []string{"1.2.3.4/32", "4.30.20.100/32"},
+		},
+		{
+			input: `search example.com
+nameserver 1.2.3.4
+#nameserver 4.3.2.1`,
+			result: []string{"1.2.3.4/32"},
+		},
+		{
+			input: `search example.com
+nameserver 1.2.3.4 # not 4.3.2.1`,
+			result: []string{"1.2.3.4/32"},
+		},
+	} {
+		test := GetNameserversAsCIDR([]byte(tc.input))
+		if !strSlicesEqual(test, tc.result) {
+			t.Errorf("Wrong nameserver string {%s} should be %v. Input: %s", test, tc.result, tc.input)
+		}
+	}
+}
+
+func TestGetSearchDomains(t *testing.T) {
+	for _, tc := range []struct {
+		input  string
+		result []string
+	}{
+		{
+			input: ``,
+		},
+		{
+			input: `# ignored`,
+		},
+		{
+			input:  `search example.com`,
+			result: []string{"example.com"},
+		},
+		{
+			input:  `search example.com # ignored`,
+			result: []string{"example.com"},
+		},
+		{
+			input:  `	  search	 example.com	  `,
+			result: []string{"example.com"},
+		},
+		{
+			input:  `	  search	 example.com	  # ignored`,
+			result: []string{"example.com"},
+		},
+		{
+			input:  `search foo.example.com example.com`,
+			result: []string{"foo.example.com", "example.com"},
+		},
+		{
+			input:  `	   search	   foo.example.com	 example.com	`,
+			result: []string{"foo.example.com", "example.com"},
+		},
+		{
+			input:  `	   search	   foo.example.com	 example.com	# ignored`,
+			result: []string{"foo.example.com", "example.com"},
+		},
+		{
+			input: `nameserver 1.2.3.4
+search foo.example.com example.com`,
+			result: []string{"foo.example.com", "example.com"},
+		},
+		{
+			input: `nameserver 1.2.3.4
+search dup1.example.com dup2.example.com
+search foo.example.com example.com`,
+			result: []string{"foo.example.com", "example.com"},
+		},
+		{
+			input: `nameserver 1.2.3.4
+search foo.example.com example.com
+nameserver 4.30.20.100`,
+			result: []string{"foo.example.com", "example.com"},
+		},
+	} {
+		test := GetSearchDomains([]byte(tc.input))
+		if !strSlicesEqual(test, tc.result) {
+			t.Errorf("Wrong search domain string {%s} should be %v. Input: %s", test, tc.result, tc.input)
+		}
+	}
+}
+
+func TestGetOptions(t *testing.T) {
+	for _, tc := range []struct {
+		input  string
+		result []string
+	}{
+		{
+			input: ``,
+		},
+		{
+			input: `# ignored`,
+		},
+		{
+			input: `nameserver 1.2.3.4`,
+		},
+		{
+			input:  `options opt1`,
+			result: []string{"opt1"},
+		},
+		{
+			input:  `options opt1 # ignored`,
+			result: []string{"opt1"},
+		},
+		{
+			input:  `	  options	 opt1	  `,
+			result: []string{"opt1"},
+		},
+		{
+			input:  `	  options	 opt1	  # ignored`,
+			result: []string{"opt1"},
+		},
+		{
+			input:  `options opt1 opt2 opt3`,
+			result: []string{"opt1", "opt2", "opt3"},
+		},
+		{
+			input:  `options opt1 opt2 opt3 # ignored`,
+			result: []string{"opt1", "opt2", "opt3"},
+		},
+		{
+			input:  `	   options	 opt1	 opt2	 opt3	`,
+			result: []string{"opt1", "opt2", "opt3"},
+		},
+		{
+			input:  `	   options	 opt1	 opt2	 opt3	# ignored`,
+			result: []string{"opt1", "opt2", "opt3"},
+		},
+		{
+			input: `nameserver 1.2.3.4
+options opt1 opt2 opt3`,
+			result: []string{"opt1", "opt2", "opt3"},
+		},
+		{
+			input: `nameserver 1.2.3.4
+options opt1 opt2
+options opt3 opt4`,
+			result: []string{"opt3", "opt4"},
+		},
+	} {
+		test := GetOptions([]byte(tc.input))
+		if !strSlicesEqual(test, tc.result) {
+			t.Errorf("Wrong options string {%s} should be %v. Input: %s", test, tc.result, tc.input)
+		}
+	}
+}
+
+func strSlicesEqual(a, b []string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+
+	for i, v := range a {
+		if v != b[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+func TestBuild(t *testing.T) {
+	tmpDir := t.TempDir()
+	file, err := os.CreateTemp(tmpDir, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	f, err := Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"search1"}, []string{"opt1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	const expected = "search search1\nnameserver ns1\nnameserver ns2\nnameserver ns3\noptions opt1\n"
+	if !bytes.Equal(f.Content, []byte(expected)) {
+		t.Errorf("Expected to find '%s' got '%s'", expected, f.Content)
+	}
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(content, []byte(expected)) {
+		t.Errorf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestBuildWithZeroLengthDomainSearch(t *testing.T) {
+	tmpDir := t.TempDir()
+	file, err := os.CreateTemp(tmpDir, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	f, err := Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"."}, []string{"opt1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	const expected = "nameserver ns1\nnameserver ns2\nnameserver ns3\noptions opt1\n"
+	if !bytes.Equal(f.Content, []byte(expected)) {
+		t.Errorf("Expected to find '%s' got '%s'", expected, f.Content)
+	}
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(content, []byte(expected)) {
+		t.Errorf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestBuildWithNoOptions(t *testing.T) {
+	tmpDir := t.TempDir()
+	file, err := os.CreateTemp(tmpDir, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	f, err := Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"search1"}, []string{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	const expected = "search search1\nnameserver ns1\nnameserver ns2\nnameserver ns3\n"
+	if !bytes.Equal(f.Content, []byte(expected)) {
+		t.Errorf("Expected to find '%s' got '%s'", expected, f.Content)
+	}
+	content, err := os.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(content, []byte(expected)) {
+		t.Errorf("Expected to find '%s' got '%s'", expected, content)
+	}
+}
+
+func TestFilterResolvDNS(t *testing.T) {
+	ns0 := "nameserver 10.16.60.14\nnameserver 10.16.60.21\n"
+
+	if result, _ := FilterResolvDNS([]byte(ns0), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed No Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 := "nameserver 10.16.60.14\nnameserver 10.16.60.21\nnameserver 127.0.0.1\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 = "nameserver 10.16.60.14\nnameserver 127.0.0.1\nnameserver 10.16.60.21\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 = "nameserver 127.0.1.1\nnameserver 10.16.60.14\nnameserver 10.16.60.21\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 = "nameserver ::1\nnameserver 10.16.60.14\nnameserver 127.0.2.1\nnameserver 10.16.60.21\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	ns1 = "nameserver 10.16.60.14\nnameserver ::1\nnameserver 10.16.60.21\nnameserver ::1"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed Localhost: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 disabled (false param), the IPv6 nameserver should be removed
+	ns1 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\nnameserver ::1"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed Localhost+IPv6 off: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 disabled (false param), the IPv6 link-local nameserver with zone ID should be removed
+	ns1 = "nameserver 10.16.60.14\nnameserver FE80::BB1%1\nnameserver FE80::BB1%eth0\nnameserver 10.16.60.21\n"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed Localhost+IPv6 off: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 enabled, the IPv6 nameserver should be preserved
+	ns0 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\n"
+	ns1 = "nameserver 10.16.60.14\nnameserver 2002:dead:beef::1\nnameserver 10.16.60.21\nnameserver ::1"
+	if result, _ := FilterResolvDNS([]byte(ns1), true); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed Localhost+IPv6 on: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 enabled, and no non-localhost servers, Google defaults (both IPv4+IPv6) should be added
+	ns0 = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\nnameserver 2001:4860:4860::8888\nnameserver 2001:4860:4860::8844"
+	ns1 = "nameserver 127.0.0.1\nnameserver ::1\nnameserver 127.0.2.1"
+	if result, _ := FilterResolvDNS([]byte(ns1), true); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed no Localhost+IPv6 enabled: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+
+	// with IPv6 disabled, and no non-localhost servers, Google defaults (only IPv4) should be added
+	ns0 = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4"
+	ns1 = "nameserver 127.0.0.1\nnameserver ::1\nnameserver 127.0.2.1"
+	if result, _ := FilterResolvDNS([]byte(ns1), false); result != nil {
+		if ns0 != string(result.Content) {
+			t.Errorf("Failed no Localhost+IPv6 enabled: expected \n<%s> got \n<%s>", ns0, string(result.Content))
+		}
+	}
+}

libnetwork/resolvconf/utils.go

@@ -3,14 +3,12 @@ package resolvconf
 import (
 	"crypto/sha256"
 	"encoding/hex"
-	"io"
 )
 
-// hashData returns the sha256 sum of src.
-func hashData(src io.Reader) (string, error) {
-	h := sha256.New()
-	if _, err := io.Copy(h, src); err != nil {
-		return "", err
-	}
-	return "sha256:" + hex.EncodeToString(h.Sum(nil)), nil
+// hashData returns the sha256 sum of data.
+func hashData(data []byte) []byte {
+	f := sha256.Sum256(data)
+	out := make([]byte, 2*sha256.Size)
+	hex.Encode(out, f[:])
+	return append([]byte("sha256:"), out...)
 }

libnetwork/resolvconf/utils_test.go

@@ -1,18 +1,21 @@
 package resolvconf
 
 import (
-	"strings"
+	"bytes"
 	"testing"
 )
 
 func TestHashData(t *testing.T) {
-	reader := strings.NewReader("hash-me")
-	actual, err := hashData(reader)
-	if err != nil {
-		t.Fatal(err)
+	const expected = "sha256:4d11186aed035cc624d553e10db358492c84a7cd6b9670d92123c144930450aa"
+	if actual := hashData([]byte("hash-me")); !bytes.Equal(actual, []byte(expected)) {
+		t.Fatalf("Expecting %s, got %s", expected, string(actual))
 	}
-	expected := "sha256:4d11186aed035cc624d553e10db358492c84a7cd6b9670d92123c144930450aa"
-	if actual != expected {
-		t.Fatalf("Expecting %s, got %s", expected, actual)
+}
+
+func BenchmarkHashData(b *testing.B) {
+	b.ReportAllocs()
+	data := []byte("hash-me")
+	for i := 0; i < b.N; i++ {
+		_ = hashData(data)
 	}
 }

libnetwork/sandbox_dns_unix.go

@@ -4,6 +4,7 @@
 package libnetwork
 
 import (
+	"bytes"
 	"fmt"
 	"net"
 	"os"
@@ -279,7 +280,8 @@ func (sb *Sandbox) setupDNS() error {
 	}
 
 	// Write hash
-	if err := os.WriteFile(sb.config.resolvConfHashFile, []byte(newRC.Hash), filePerm); err != nil {
+	err = os.WriteFile(sb.config.resolvConfHashFile, newRC.Hash, filePerm)
+	if err != nil {
 		return types.InternalErrorf("failed to write resolv.conf hash file when setting up dns for sandbox %s: %v", sb.ID(), err)
 	}
 
@@ -287,11 +289,6 @@ func (sb *Sandbox) setupDNS() error {
 }
 
 func (sb *Sandbox) updateDNS(ipv6Enabled bool) error {
-	var (
-		currHash string
-		hashFile = sb.config.resolvConfHashFile
-	)
-
 	// This is for the host mode networking
 	if sb.config.useDefaultSandBox {
 		return nil
@@ -301,23 +298,20 @@ func (sb *Sandbox) updateDNS(ipv6Enabled bool) error {
 		return nil
 	}
 
+	var currHash []byte
 	currRC, err := resolvconf.GetSpecific(sb.config.resolvConfPath)
 	if err != nil {
 		if !os.IsNotExist(err) {
 			return err
 		}
 	} else {
-		h, err := os.ReadFile(hashFile)
-		if err != nil {
-			if !os.IsNotExist(err) {
-				return err
-			}
-		} else {
-			currHash = string(h)
+		currHash, err = os.ReadFile(sb.config.resolvConfHashFile)
+		if err != nil && !os.IsNotExist(err) {
+			return err
 		}
 	}
 
-	if currHash != "" && currHash != currRC.Hash {
+	if len(currHash) > 0 && !bytes.Equal(currHash, currRC.Hash) {
 		// Seems the user has changed the container resolv.conf since the last time
 		// we checked so return without doing anything.
 		// logrus.Infof("Skipping update of resolv.conf file with ipv6Enabled: %t because file was touched by user", ipv6Enabled)
@@ -344,14 +338,14 @@ func (sb *Sandbox) updateDNS(ipv6Enabled bool) error {
 		tmpHashFile.Close()
 		return err
 	}
-	_, err = tmpHashFile.Write([]byte(newRC.Hash))
+	_, err = tmpHashFile.Write(newRC.Hash)
 	if err1 := tmpHashFile.Close(); err == nil {
 		err = err1
 	}
 	if err != nil {
 		return err
 	}
-	return os.Rename(tmpHashFile.Name(), hashFile)
+	return os.Rename(tmpHashFile.Name(), sb.config.resolvConfHashFile)
 }
 
 // Embedded DNS server has to be enabled for this sandbox. Rebuild the container's